# HedgeDoc for pad.chaoswest.tv, run as a Docker service and published through
# Traefik. pad.montage2.de is still routed here but is redirected to the
# chaoswest.tv host by the middleware defined in local.labels.

# Registry lookup for the release tag. The service below deploys
# "<name>@<sha256_digest>", so tasks run the digest this lookup returned rather
# than whatever the tag points to when a task starts.
# NOTE(review): the pin is only as fresh as the last plan/apply; confirm that
# 1.10.0 is still the patch release you want before applying.
data "docker_registry_image" "hedgedoc" {
  name = "quay.io/hedgedoc/hedgedoc:1.10.0"
}

# Existing network named "traefik"; it is only read here, not managed.
data "docker_network" "traefik" {
  name = "traefik"
}

# Overlay network managed by this configuration for the HedgeDoc service.
resource "docker_network" "hedgedoc" {
  name       = "hedgedoc"
  driver     = "overlay"
  attachable = true

  # Label changes on the network are ignored so they never force a diff.
  lifecycle {
    ignore_changes = [labels]
  }
}

locals {
  # Service labels; the traefik.* keys configure routing, TLS and the redirect.
  labels = {
    # NOTE(review): presumably read by a Shepherd auto-updater. If it updates
    # the running service, the image may move off the digest Terraform
    # recorded - confirm this is intended alongside the digest pin.
    "shepherd.auto-update" = "true"

    "traefik.enable"                                         = "true"
    "traefik.http.services.hedgedoc.loadbalancer.server.port" = "3000"

    # Only these two hostnames reach the service; TLS is required and the
    # certificate comes from the resolver named "default".
    "traefik.http.routers.hedgedoc.rule"             = "Host(`pad.montage2.de`)||Host(`pad.chaoswest.tv`)"
    "traefik.http.routers.hedgedoc.tls"              = "true"
    "traefik.http.routers.hedgedoc.tls.certresolver" = "default"
    "traefik.http.routers.hedgedoc.middlewares"      = "hedgedoc-redirect"

    # NOTE(review): the dots in the pattern are unescaped, so each one matches
    # any character. The Host() rule above already limits which hosts reach
    # this middleware, so this looks harmless, but escaping them would make
    # the intent explicit.
    "traefik.http.middlewares.hedgedoc-redirect.redirectregex.regex"       = "^https://pad.montage2.de/(.*)"
    "traefik.http.middlewares.hedgedoc-redirect.redirectregex.replacement" = "https://pad.chaoswest.tv/$$${1}" # double escaping is necessary here
  }
}

resource "docker_service" "hedgedoc" {
  name = "hedgedoc"

  # One labels block per entry of local.labels.
  dynamic "labels" {
    for_each = local.labels
    iterator = entry

    content {
      label = entry.key
      value = entry.value
    }
  }

  task_spec {
    # Attached to the Traefik network (ingress) and to the service's own network.
    networks_advanced {
      name = data.docker_network.traefik.id
    }

    networks_advanced {
      name = docker_network.hedgedoc.id
    }

    container_spec {
      # Tag plus digest, i.e. "quay.io/hedgedoc/hedgedoc:1.10.0@<sha256_digest>".
      image = format(
        "%s@%s",
        data.docker_registry_image.hedgedoc.name,
        data.docker_registry_image.hedgedoc.sha256_digest,
      )

      # merge() lets later arguments win, so the fixed settings below override
      # any key of the same name in var.secrets; a secrets entry cannot
      # re-enable anonymous access or email registration.
      # NOTE(review): everything in var.secrets becomes a plain environment
      # variable of the service, so the values are stored in the Terraform
      # state and are readable from the service spec. Treat both as sensitive;
      # whether var.secrets is declared sensitive is not visible here.
      env = merge(
        { for name, value in var.secrets : name => value },
        {
          CMD_DB_URL          = "sqlite:/hedgedoc/db/hedgedoc.sqlite"
          CMD_DOMAIN          = "pad.chaoswest.tv"
          CMD_URL_ADDPORT     = "false"
          CMD_PROTOCOL_USESSL = "true"

          # Access policy: no email login or registration and no anonymous
          # use; free URLs are allowed but only for authenticated users.
          CMD_EMAIL                          = "false"
          CMD_ALLOW_EMAIL_REGISTER           = "false"
          CMD_ALLOW_ANONYMOUS                = "false"
          CMD_REQUIRE_FREEURL_AUTHENTICATION = "true"
          CMD_ALLOW_FREEURL                  = "true"

          # OAuth2 login against authentik. No client id or client secret is
          # set in this map - presumably they arrive through var.secrets.
          CMD_OAUTH2_PROVIDERNAME                  = "authentik"
          CMD_OAUTH2_SCOPE                         = "openid email profile"
          CMD_OAUTH2_USER_PROFILE_URL              = "https://authentik.montage2.de/application/o/userinfo/"
          CMD_OAUTH2_TOKEN_URL                     = "https://authentik.montage2.de/application/o/token/"
          CMD_OAUTH2_AUTHORIZATION_URL             = "https://authentik.montage2.de/application/o/authorize/"
          CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR    = "preferred_username"
          CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR = "name"
          CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR       = "email"
        },
      )

      # Host bind mounts for the SQLite database and the uploaded files.
      # NOTE(review): no placement constraint is visible in this block; on a
      # multi-node cluster the task must land on the node that holds
      # /mnt/data/pad - confirm. The host directories also need permissions
      # restricted to the container user, since they hold all pad content.
      mounts {
        type   = "bind"
        source = "/mnt/data/pad/db"
        target = "/hedgedoc/db"
      }

      mounts {
        type   = "bind"
        source = "/mnt/data/pad/uploads"
        target = "/hedgedoc/public/uploads"
      }
    }
  }
}